WOSDEC: who we are and what we do

We believe education is the key to making a fairer world possible. We support educators throughout the West of Scotland to develop their skills in Global Citizenship education, and to shape an education system that empowers young people to act as Global Citizens, able and committed to shaping a just and sustainable future for all. We offer expert, accredited Professional Learning opportunities in Global Citizenship, Learning for Sustainability and Rights-based Learning

1. Understanding your rights

It is important that you understand your legal rights around your personal information and how we may use it. If you would like to discuss or exercise any of these rights, please get in touch with us – (Contact details at the end of this Policy notice). You have the following legal rights:

• The Right to be informed: This Privacy Policy ensures that you are informed about how we will process your personal data. You might also see messages on some of our forms (or otherwise when we collect personal data from you) that explain why we ask for specific pieces of information from you.

• The Right of Access: You have the right to access a copy of your personal data and receive certain information about what the data is and how and why we are processing it. Please note that we will require you to prove your identity before we disclose any information.

• The Right to Rectification: If you feel that any of the information that we hold about you is incorrect, do let us know so that we can look into it and amend it to your satisfaction.

• The Right to Object: You have the right to object to the processing that we have outlined in this policy. [See paragraph 4 – right to object]

• The Right to Erasure/to be forgotten: You have the right to request that we delete your information and you can discuss this with us at any time. There are some circumstances where we may need to keep your details, for example, where a legal obligation exists, in which case we will explain and discuss these circumstances with you.

• The Right to Restrict Processing: You can request that we restrict the processing of your information, where for example you feel that the data is inaccurate, our processing unlawful, or you feel we have no further need of it. You can require us to retain the data whilst you seek to establish, exercise or defend a legal claim.

• The Right to Restrict Automated Decision making: You have the right to avoid being subject to decisions based solely on automated processing (including profiling) which has a significant effect on you.

• The Right to Data Portability: You have the right to request a copy of certain personal data to be transferred to another organisation in certain circumstances.

2. The Information we collect and how we use it

• Individuals and Organisations: We collect and process personal data from individuals and organisations in order to help us provide learning opportunities, develop learning programmes, respond to enquiries and provide information. For example we would process your personal data to ensure that you are fully informed regarding continued professional development opportunities and to keep you updated with news of opportunities and events that you may be interested in. For learning participants and organisational/administrative contacts, personal information is normally restricted to name, school and email address. This allows us to meet the legal requirements of most funded programmes, and to keep in touch with you [see paragraph 4 – legitimate interest] It also allows us to interact with you in the most effective way. This does not affect your right to withdraw consent for processing your personal information [ See paragraph 4 – right to object/be forgotten]

• Employees, Trustees and Candidates: We also collect personal information relating to employees, trustees and candidates for employment. This information includes ‘special category’ or ‘sensitive’ data, and is subject to additional safeguards. Further information about such data is summarised in our Privacy Notice which is automatically made available to staff, trustees and candidates. Please see the contact information at the end of this notice for further information about our Privacy Notice.

3. How we collect and Process Information

• Directly: When you register for a learning event, or complete a paper or electronic evaluation proforma, we will record your personal information. The information we process is normally limited, [See Paragraph 2 above] however we will always explain why we are asking for it.

• Indirectly: When your local education authority, trade union or any organisation legitimately connected with your data and our processes communicates information about or registers you for a learning event.

• Third Parties-Data Processors: We will not share your information with any third parties for the purposes of their direct marketing. We work with third parties who provide necessary operational services for us, such as data management, finance, mailing, information technology and web services. We will only share your information with organisations who, directly or indirectly, further the educational aims we uphold. Our contracts prevent sharing or any other use of your personal information not instructed by us, and we will always hold processors to our own high standards of data protection. [See paragraph 6 – keeping information secure]

• Third Parties – Subscriptions: Where we include ‘sign-up’ options in our questionnaire footnotes – for example to Stride Magazine and Signposts – we will always ensure that your explicit permission is sought for this. [See paragraph 4 – consent]

• Anonymous Information – Cookies: These are small data files, downloaded when you browse a website, usually to improve the host’s understanding of how it is being used and so improve user experience. We use both necessary and third-party cookies, fully detailed in the Cookie Policy: http://wosdec.org.uk/cookie-policy. You can set your browser to permit or block cookies and we have included useful help information in our policy to assist you with this. We use no marketing cookies on our site.

4. Legal bases for processing information: Consent and Legitimate Interest

• Consent: We will always carefully consider why we are processing your personal information and identify our legal basis for doing so. Often you will have given us your explicit consent by ‘opting-in’ to the process, and we will always ensure that this neither intrudes on nor diminishes your rights and freedoms.

• Legitimate Interest: We will also process your data on a basis of legitimate interest. We have a duty to funders who facilitate free continuing professional development and other learning opportunities to ensure good governance of their resource and to responsibly report on our work. This includes segmenting and analysing data, research on the effectiveness of programmes, and marketing information about learning opportunities that you may be interested in. This will at times include data that you have provided, in which case your privacy is central to any legitimate interest pursuit.

• Right to object/be forgotten: Very occasionally we will process your information in order to complete a contract with you or to comply with a legal or statutory duty in which case we will always comply with any legal requirement. Should there ever be a legal compulsion to share your information, for example to resolve a complaint, we will ensure that we document our decision making, and that we have a lawful basis on which to share it. However, you still have the right to object to us processing your data on the above grounds, and to withdraw consent where you have ‘opted-in’. You can ask us to stop using your data by using the ‘unsubscribe’ option in our email correspondence, or by contacting us directly to let us know your wishes. Details of how to get in touch are at the end of this notice.

5. Social Media

Using social media is an effective way for us to update you on our work, and to reach other people who are interested in Global Citizenship. You can find out more through the links to social media sites on our website, some of which you may already participate in. However, our site does not rely on membership of any social media group and we will never ask you to register with any social media provider.

6. Keeping your Information secure

We use a combination of organisational and technological security measures to protect your information to the highest standards. On-line activity is protected by secure servers, firewalls, virus & malware protection, secure socket layer (SSL) encryption and secure file transfer protocol.

• Personal data: We retain current and archived hard-copy information in locked storage until it is scheduled for secure destruction. We also ensure that our external data processors hold your information securely and retain it for the period we instruct after which it is deleted or returned to us. Our processors must verify that their standards are within the EU-US Privacy Shield, which sets out clear safeguards and transparency responsibilities for processing data from EU citizens, or show that they otherwise have proper safeguards in place.

• Financial data: Hard-copy information is retained in locked storage until securely disposed of and electronically processed financial information is protected by password and encryption. We follow payment card industry (PCI) security compliance guidelines Page – 4 – of 5 when processing credit card payments, and we ensure that only staff who need to, are authorized to access financial information.

• Electronic storage: All electronic storage – personal computer, laptop, and external USB memory drive – is encrypted and password protected. Staff are trained to understand the importance of keeping your information safe and secure at all times, and to adhere to retention and deletion guidelines. [See paragraph 7 below] As highly publicised instances demonstrate, it is not possible to guarantee one hundred per cent security in the transmission of information when using overarching internet provision. Nevertheless, we strive to ensure that we have the most robust and up-to-date practices in place to protect electronically processed and stored information. We will take equally robust measures in the extremely unlikely event of a data breach, and however that may occur, we will record it, inform the Information Commissioner’s Office, and take appropriate advice from them including fully informing any service user(s) who may be affected.

7. Retention and Disposal

• Personal data: In order to provide the best service we can to our users, we want to ensure that we have up-to-date records for as long as you participate or are interested in our professional learning opportunities and related activities, or as long as the information is retained as part of a funding agreement. Outwith these provisions, we will only hold your data for a maximum period of twelve months unless we are legally obliged to retain it. At the end of this period, we will securely remove your personal information from our records, unless you ‘opt-in’ and give consent to its ongoing retention. Please remember that as you have a right to be forgotten [See paragraphs 1 and 4] you can ask us to delete your information before this limit by using the ‘unsubscribe’ option in our email correspondence, or by contacting us directly to let us know your wishes. Details of how to get in touch are at the end of this notice.

• Financial records: We keep financial information for at least seven years in order to meet our requirements for any audit from HMRC. Funding agreements will also require fixed term retention of some financial data. Information, both electronic and hard-copy, is securely disposed of at the end of the required period.

8. Information on this Policy:

Your personal information (such as your name and contact details, known as ‘personal data’) is protected by specific legislation: Until 25 May 2018: The Data Protection Act 1998. From 25 May 2018 onwards: General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Privacy and Electronic Communications (EC Directive) 2003. Your privacy is important to us and we have policies to ensure that we collect only the data that we need in order to further the educational aims of our organisation as outlined in our introductory paragraphs.

If you have an enquiry about this Privacy Policy, have any concerns about how we collect and use your personal data, or about your rights, or wish to unsubscribe, amend, copy, delete, or otherwise alter any information we hold for you, please contact the Data administrator at: Email: hannah.wosdec@btconnect.com Address: WOSDEC, 759B Argyle Street, Glasgow, G3 8NP Telephone: 0141 243 2800 You always have the right to make a complaint directly or to log your concerns online with the UK’s data protection authority, the Information Commissioner’s Office (ICO) at: https://ico.org.uk/global/contact-us/

9. Changes to this Policy:

This policy was last updated on August 2018, and changes that we make from time to time can be tracked here. We will publicise significant changes, such as in how or why we process your personal data, here and on our website and we may contact you directly with this information.

For the purposes of the General Data Protection Regulation (GDPR) the Data Controller is WOSDEC, West of Scotland Development Education Centre, 759B Argyle Street, Glasgow G3 8NP 

Please remember, you can unsubscribe at any time through our website at: http://wosdec.org.uk